Published: 23/07/2018 Updated: 22/04/2021

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 4.9 | Impact Score: 3.6 | Exploitability Score: 1.2

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat keycloak
redhat single sign-on 7.2

Synopsis Important: Red Hat OpenShift Application Runtimes Thorntail 240 security & bug fix update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift Application RuntimesRed Hat Product Security has rated this update as having a security impact of Import ...

Synopsis Important: Red Hat Single Sign-On 724 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat Single Sign-On 72 from theCustomer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulner ...

CWE-835 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10912 https://access.redhat.com/errata/RHSA-2018:2428 https://access.redhat.com/errata/RHSA-2019:0877 https://access.redhat.com/errata/RHSA-2019:0877 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2018:2428

CVE-2018-10912

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect